Data Breach Complacency: Why Business Has to Fight It

‘Breach fatigue’ has become a huge issue - and risk - that could impact your business reputation.

Also known as "data breach complacency", it is when consumers stop hearing all the news about retail hackings and other cyber-security breaches. And, that’s because they’ve heard and read about these crimes so often.

But as a result, consumers become less concerned and vigilant about protecting themselves from fraud.

In a 2014 Ponemon study more than 1/3 of consumers reported they ignored data breach notification letters and did not take action to protect themselves from fraud.

Experian data has shown that fewer than 1/10 consumers who have had personal information exposed in a major data breach take advantage of credit monitoring services.

Why should business be worried about data breach complacency?

It’s still on the increase. Experian’s Data Breach Industry Forecast reports that in 2014 the average U.S. adult received three notices of a data breach that affected them. It also forecasts data breach fatigue will continue to grow. On the business side, the Ponemon Institute reports that 43% of companies experienced a data breach in 2014 compared to 33% in 2013. All organizations still need to do more to protect the confidential information they handle.

Breach fatigue gives criminals the upper hand. Increasingly, more and more confidential data is getting into the hands of cyber and other criminals. When consumers do not protect themselves against fraud, it is easier for criminals to commit identity theft and other crimes.

Data breach complacency may infiltrate the workplace. A lax attitude about security can lead to more careless behavior on the part of the employees, notes a blogger at scalersecurity.com. A culture of security from the top down is important.

There’s so much at stake. Poor security impacts not only the company and individuals that were hacked but possibly the company's business partners, customers, and employees. Information thieves access confidential information in many different ways.

Breach notification is the law. There are different industry and state privacy laws, and earlier this year, President Obama supported a national notification law. To confront data breach fatigue and protect business reputation, industry experts recommend a range of information security best practices as well as timely and accurate notification policies. In a bankinfosecurity.com article, Eva Casey Velasquez, president of Identity Theft Resource Center said: “The solution is more access to good, solid information and resources for consumers so they can really understand what this means.” Apologize, tell customers exactly what happened, and explain clearly how they can protect themselves.

Consumers still care. While news of data breaches may not impact consumers like they first did, the 2014 Aftermath of a Data Breach: Consumer Sentiment by Ponemon showed that most consumers still believe that organizations should be obligated to provide identity theft protection (63%) and credit monitoring services (58%).

Showing leadership strengthens business reputation. “The shift in security perception is a good opportunity for companies to position themselves as leaders in their industries when protecting their customer data,” said a blogger at obileenterprise.edgl.com. How an organization manages a data breach can be a deciding factor in terms of consumer loyalty.

100% NAID CertifiedNorth American Shred-it locations are NAID Certified for mobile document destruction, adhering to the stringent security practices and procedures established by the National Association for Information Destruction.